IBM Support

PH61176: SUPPORT THE PARTITIONED COOKIE ATTRIBUTE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as new function.

Error description

  • Third party cookies may fail to work once Chrome phases out
    support. A new cookie attribute is created to place them in
    the browser's "partitioned" storage and allow them to be used
    in cross-site requests (with restrictions). See links for more
    information.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All IBM WebSphere Application Server and    *
    *                  Liberty                                     *
    ****************************************************************
    * PROBLEM DESCRIPTION: WebSphere Application Server does not   *
    *                      support the Partitioned cookie          *
    *                      attribute.                              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Chrome has deprecated third-party cookies and plans to phase
    them out in early 2025 (tentative).
    Rather than block all third party cookies, Chrome now supports
    a new attribute called "Partitioned" which will allow these
    cookies in some cross-site scenarios to prevent sites from
    breaking entirely.
    More information and examples can be found here:
    - https://developers.google.com/privacy-sandbox/3pcd/chips
    -
    https://developer.mozilla.org/en-
    US/docs/Web/Privacy/Privacy_san
    dbox/Partitioned_cookies
    - https://developers.google.com/privacy-sandbox
    Note: Partitioned only applies if the cookie is also marked as
    SameSite=None
    

Problem conclusion

  • WebSphere Application Server was updated to support the
    Partitioned attribute through three new properties. They only
    accept true or false. By default, cookies do not have the
    Partitioned attribute. When true is specified, and the cookie
    has the SameSite=None attribute, then Parititioned will also
    be added.
    
    These properties are much like SameSite config
    (https://www.ibm.com/support/pages/apar/PH22157).
    
    >> Channel Config (Applies to all outgoing Cookies)
    Property Name: sameSitePartitioned
    Value: true or false
    Location:
    WebSphere application servers > server_name. Under Web
    Container Settings, click Web container transport chains >
    chain_name > HTTP inbound channel > Custom properties
    
    Additional Information: The HTTP Channel has been updated to
    recognize Partitioned as a valid attribute, so it can be set
    via the HttpServletResponse#setHeader and HttpServletResponse
    #addHeader method calls when setting Cookie headers.
    
    
    
    >> Security Cookie Config
    
    Property Name:
    com.ibm.websphere.security.addPartitionedAttributeToCookie
    Value: true or false
    
    Location:
    Security > Global security > Custom properties.
    
    
    
    >> Session Cookie Config
    Property Name: CookiePartitioned
    Value: true or false
    Location:
    
    Servers > Server Types > WebSphere application servers >
    server_name > Session management
    
    
    It is important to note that the session and security
    properties take precedence over the channel configuration,
    much like the SameSite configuration.  For example, if
    session's CookiePartitioned is false, but channel's
    sameSiteNone is all and channel's sameSitePartitioned is true
    then the session cookie will not be partitioned.
    
    The fix for this APAR is targeted for inclusion in fix packs
    8.5.5.26, 9.0.5.20, and Liberty 24.0.0.7 (tentative).
    
    The Github epic for Liberty can be found here:
    https://github.com/OpenLiberty/open-liberty/issues/27405
    
    Instructions for configuring Liberty and other information
    regarding partitioning will be linked here later once the blog
    post is published.
    
    
    For more information, see 'Recommended Updates for WebSphere
    Application Server':
    https://www.ibm.com/support/pages/node/715553
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH61176

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2024-05-01

  • Closed date

    2024-06-05

  • Last modified date

    2024-06-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]

Document Information

Modified date:
05 June 2024